<摩瘠捬慳猽≱略獴楯湃潮瑥湴∾㱰㹄略⁴漠瑨攠楮捲敡獩湧楺攠潦慴慢慳攬⁵獥爠慣捥獳⁴業敳湤慩汹慣歵灳潮瑩湵攠瑯湣牥慳攮⁗桩捨映瑨攠景汬潷楮朠睯畬搠扥⁴桥⁂䕓吠睡礠瑯摤牥獳⁴桩猠獩瑵慴楯渿㰯瀾㰯摩瘾
㱤楶污獳㴢煵敳瑩潮䍯湴敮琢㸼瀾坨楣栠潦⁴桥潬汯睩湧猠瑨攠䵏協浰潲瑡湴⁰牯捥獳⁴漠敮獵牥⁰污湮敤⁉吠獹獴敭桡湧敳牥潭灬整敤渠慮晦楣楥湴慮湥爿㰯瀾㰯摩瘾
Options:
D.
Configuration management
<摩瘠捬慳猽≱略獴楯湃潮瑥湴∾㱰㹔漠摥癥汯瀠愠牯扵獴慴愠獥捵物瑹⁰牯杲慭Ⱐ瑨攠䙉剓吠捯畲獥映慣瑩潮桯畬搠扥⁴漺㰯瀾㰯摩瘾
Options:
A.
perform an inventory of assets.
B.
implement data loss prevention controls.
C.
interview IT senior management.
D.
implement monitoring, controls
㱤楶污獳㴢煵敳瑩潮䍯湴敮琢㸼瀾䅮⁉匠慵摩瑯爠牥癩敷楮朠瑨攠慣煵楳楴楯渠潦敷煵楰浥湴⁷潵汤潮獩摥爠睨楣栠潦⁴桥潬汯睩湧⁴漠扥楧湩晩捡湴⁷敡歮敳猿㰯瀾㰯摩瘾
Options:
A.
Evaluation criteria when finalized after the initial assessment of responses
B.
Staff involved in the evaluation were aware of the vendors being evaluated.
C.
Independent consultants prepared the request for proposal (RFP) documents.
D.
The closing date for responses was extended after a request from potential vendors.
㱤楶污獳㴢煵敳瑩潮䍯湴敮琢㸼瀾周攠物獫⁴桡琠瑨攠䥓畤楴潲⁷楬氠湯琠晩湤渠敲牯爠瑨慴慳捣畲牥搠楳摥湴楦楥搠批⁷桩捨映瑨攠景汬潷楮朠瑥牭猿㰯瀾㰯摩瘾
㱤楶污獳㴢煵敳瑩潮䍯湴敮琢㸼瀾䥮桥牥湴楳欠牡瑩湧牥整敲浩湥搠批獳敳獩湧⁴桥浰慣琠慮搠汩步汩桯潤映愠瑨牥慴爠癵汮敲慢楬楴礠潣捵牲楮机㰯瀾㰯摩瘾
Options:
A.
Before the risk appetite Is established
B.
After compensating have been applied
C.
After internal controls are taken into account.
D.
Before internal controls are taken into account.
㱤楶污獳㴢煵敳瑩潮䍯湴敮琢㸼瀾䅮牧慮楺慴楯渠畳楮朠楮獴慮琠浥獳慧楮朠瑯潭浵湩捡瑥⁷楴栠捵獴潭敲猠灲敶敮琠汥杩瑩浡瑥畳瑯浥牳牯洠扥楮朠業灥牳潮慴敤示㰯瀾㰯摩瘾
Options:
A.
Authentication users before conversation are initiated.
B.
Using firewall to limit network traffic to authorized ports.
D.
Using call monitoring.
㱤楶污獳㴢煵敳瑩潮䍯湴敮琢㸼瀾䄠捯浰慮礠污灴潰慳敥渠獴潬敮湤汬⁰桯瑯猠潮⁴桥慰瑯瀠桡癥敥渠灵扬楳桥搠潮潣楡氠浥摩愮⁗桩捨映瑨攠景汬潷楮朠楳⁴桥⁉匠慵摩瑯爧猠䉅協潵牳攠潦捴楯渿㰯瀾㰯摩瘾
Options:
A.
Determine if the laptop had the appropriate level of encryption
B.
Verify the organization's incident reporting policy was followed
C.
Ensure that the appropriate authorities have been notified
D.
Review the photos to determine whether they were for business or personal purposes
<摩瘠捬慳猽≱略獴楯湃潮瑥湴∾㱰㹗桥渠摥癥汯灩湧楳欭扡獥搠䥓畤楴⁰污測⁴桥⁐剉䵁剙潣畳桯畬搠扥渠晵湣瑩潮猺㰯瀾㰯摩瘾
Options:
A.
with the most ineffective controls.
B.
with the greatest number of threats.
C.
considered critical to business operations.
D.
considered important by IT management
㱤楶污獳㴢煵敳瑩潮䍯湴敮琢㸼瀾坨楣栠潦⁴桥潬汯睩湧⁰牯瑥捴猠慧慩湳琠瑨攠業灡捴映瑥浰潲慲礠慮搠牡灩搠摥捲敡獥猠潲湣牥慳敳渠敬散瑲楣楴礿㰯瀾㰯摩瘾
Options:
A.
Emergency power-off switch
C.
Redundant power supply
D.
Uninterruptible power supply (UPS)
㱤楶污獳㴢煵敳瑩潮䍯湴敮琢㸼瀾坨楣栠潦⁴桥潬汯睩湧猠慮⁉匠慵摩瑯爠猠䝒䕁呅協潮捥牮⁷桥渠慮牧慮楺慴楯渠摯敳潴敧畬慲汹⁵灤慴攠獯晴睡牥渠楮摩癩摵慬⁷潲歳瑡瑩潮猠楮⁴桥湴敲湡氠敮癩牯湭敮琿㰯瀾㰯摩瘾
Options:
A.
The organization may be more susceptible to cyber-attacks.
B.
The organization may not be in compliance with licensing agreement.
C.
System functionality may not meet business requirements.
D.
The system may have version control issues.
㱤楶污獳㴢煵敳瑩潮䍯湴敮琢㸼瀾䅮⁉匠慵摩瑯爠桡猠慳獥獳敤⁰慹牯汬敲癩捥⁰牯癩摥狃ꋢ芬ꉳ散畲楴礠灯汩捹湤楮摳楧湩晩捡湴⁴潰楣猠慲攠浩獳楮朮⁗桩捨映瑨攠景汬潷楮朠楳⁴桥畤楴潲쎢곢蒢猠䉅協潵牳攠潦捴楯渿㰯瀾㰯摩瘾
Options:
A.
Recommend the service provider update their policy
B.
Report the risk to internal management
C.
Notify the service provider of the discrepancies.
D.
Recommend replacement of the service provider
<摩瘠捬慳猽≱略獴楯湃潮瑥湴∾㱰㹗桩捨映瑨攠景汬潷楮朠楳⁴桥⁂䕓吠獯畲捥映楮景牭慴楯渠睨敮獳敳獩湧⁴桥浯畮琠潦⁴業攠愠灲潪散琠睩汬⁴慫政㰯瀾㰯摩瘾
Options:
A.
Critical path analysis
㱤楶污獳㴢煵敳瑩潮䍯湴敮琢㸼瀾周攠䵁䩏删牥慳潮潲敧牥条瑩湧⁴敳琠灲潧牡浳牯洠灲潤畣瑩潮⁰牯杲慭猠楳⁴漺㰯瀾㰯摩瘾
Options:
A.
provide control over program changes
B.
limit access rights of IS staff to the development environment.
C.
provide the basis for efficient system change management
D.
achieve segregation of duties between IS staff and end users
㱤楶污獳㴢煵敳瑩潮䍯湴敮琢㸼瀾坨楣栠潦⁴桥潬汯睩湧猠瑨攠䉅協⁷慹⁴漠晡捩汩瑡瑥⁰牯灥爠景汬潷瀠景爠慵摩琠晩湤楮朿㰯瀾㰯摩瘾
Options:
A.
Conduct a surprise audit to determine whether remediation is in progress
B.
Schedule a follow-up audit for two weeks after the initial audit was completed
C.
Conduct a follow-up audit when findings escalate to incidents
D.
Schedule a follow-up audit based on remediation due dates.
<摩瘠捬慳猽≱略獴楯湃潮瑥湴∾㱰㹁楳欠浡湡来浥湴祳瑥淃ꋢ芬ꉳ⁐剉䵁剙畮捴楯渠楳⁴漺㰯瀾㰯摩瘾
Options:
A.
Provide data on efficient disk usage.
B.
Deny access to disk resident data files.
C.
Monitor disk accesses for analytical review
D.
Provide the method of control for disk usage
㱤楶污獳㴢煵敳瑩潮䍯湴敮琢㸼瀾坨楣栠潦⁴桥潬汯睩湧猠瑨攠䝒䕁呅協敮敦楴映業灬敭敮瑩湧渠䥔潶敲湡湣攠獴牡瑥杹⁷楴桩渠慮牧慮楺慴楯渿㰯瀾㰯摩瘾
Options:
A.
IT projects are delivered on time and under budget
B.
Management is aware of IT-related risks.
C.
Employees understand roles and responsibilities
D.
Reporting and metrics become higher priority.
<摩瘠捬慳猽≱略獴楯湃潮瑥湴∾㱰㹁渠䥓畤楴潲慳潵湤⁴桡琠慮牧慮楺慴楯渠楳⁵湡扬攠瑯摤敷敲癥牳渠摥浡湤渠愠捯獴ⵥ晦楣楥湴慮湥爠坨楣栠潦⁴桥潬汯睩湧猠瑨攠慵摩瑯爠猠䉅協散潭浥湤慴楯渿㰯瀾㰯摩瘾
Options:
A.
Upgrade hardware to newer technology.
B.
Increase the capacity of existing systems.
C.
Build a virtual environment
D.
Hire temporary contract workers for the IT function.
㱤楶污獳㴢煵敳瑩潮䍯湴敮琢㸼瀾坨楬攠灥牦潲浩湧楳欭扡獥搠慵摩琬⁷桩捨映瑨攠景汬潷楮朠睯畬搠䉅協湡扬攠慮⁉匠慵摩瑯爠瑯摥湴楦礠慮搠捡瑥杯特楳欿㰯瀾㰯摩瘾
Options:
A.
Understanding the business environment
B.
Understanding the control framework
C.
Adopting qualitative risk analysis
D.
Developing a comprehensive risk model
㱤楶污獳㴢煵敳瑩潮䍯湴敮琢㸼瀾坨楣栠潦⁴桥潬汯睩湧桯畬搠扥⁴桥⁍体吠業灯牴慮琠捯湳楤敲慴楯渠睨敮獴慢汩獨楮朠摡瑡污獳楦楣慴楯渠獴慮摡牤猿㰯瀾㰯摩瘾
Options:
A.
Reporting metrics are established.
B.
An education campaign is established upon rollout.
C.
The standards comply with relevant regulations.
D.
Management supports the newly developed standards
㱤楶污獳㴢煵敳瑩潮䍯湴敮琢㸼瀾䅮牧慮楺慴楯渠楳渠瑨攠灲潣敳猠潦散楤楮朠睨整桥爠瑯汬潷物湧⁹潵爠潷渠摥癩捥
䉙佄⤠灲潧牡洮⁉映慰灲潶敤Ⱐ睨楣栠潦⁴桥潬汯睩湧桯畬搠扥⁴桥⁆䥒協潮瑲潬敱畩牥搠扥景牥浰汥浥湴慴楯渿㰯瀾㰯摩瘾
Options:
A.
An accept able use policy
C.
Device baseline configurations
<摩瘠捬慳猽≱略獴楯湃潮瑥湴∾㱰㹗桩捨映瑨攠景汬潷楮朠捯湴牯汳⁷楬氠䵏協晦散瑩癥汹整散琠楮捯湳楳瑥湴散潲摳敳畬瑩湧牯洠瑨攠污捫映牥晥牥湴楡氠楮瑥杲楴礠楮慴慢慳攠浡湡来浥湴祳瑥洿㰯瀾㰯摩瘾
Options:
A.
Concurrent access controls
B.
Incremental data backups
C.
Performance monitoring tools
D.
Periodic table link checks
㱤楶污獳㴢煵敳瑩潮䍯湴敮琢㸼瀾䅮畤楴潲猠捲敡瑩湧渠慵摩琠灲潧牡洠楮⁷桩捨⁴桥扪散瑩癥猠瑯獴慢汩獨⁴桥摥煵慣礠潦⁰敲獯湡氠摡瑡⁰物癡捹潮瑲潬猠楮⁰慹牯汬⁰牯捥獳⸠坨楣栠潦⁴桥潬汯睩湧⁷潵汤攠䵏協浰潲瑡湴⁴漠楮捬畤政㰯瀾㰯摩瘾
Options:
A.
Approval of data changes
B.
User access provisioning
C.
Segregation of duties controls
D.
Audit logging of administrative user activity
<摩瘠捬慳猽≱略獴楯湃潮瑥湴∾㱰㹔漠桥汰湳畲攠瑨攠慣捵牡捹湤潭灬整敮敳猠潦湤獥爠捯浰畴楮朠潵瑰畴琠楳⁍体吠業灯牴慮琠瑯湣汵摥瑲潮机㰯瀾㰯摩瘾
Options:
A.
documentation controls.
B.
change management controls.
C.
access management controls
D.
reconciliation controls
<摩瘠捬慳猽≱略獴楯湃潮瑥湴∾㱰㹗桥渠捯湤畣瑩湧潬汯眭異畤楴渠慮牧慮楺慴楯渠猠晩牥睡汬潮晩杵牡瑩潮Ⱐ瑨攠䥓畤楴潲楳捯癥牥搠瑨慴⁴桥楲敷慬氠桡搠扥敮湴敧牡瑥搠楮瑯敷祳瑥洠瑨慴⁰牯癩摥猠扯瑨楲敷慬氠慮搠楮瑲畳楯渠摥瑥捴楯渠捡灡扩汩瑩敳⸠周攠䥓畤楴潲桯畬携㰯瀾㰯摩瘾
Options:
A.
review the compatibility of the new system with existing network controls
B.
consider the follow-up audit unnecessary since the firewall is no longer being used
C.
assess whether the integrated system addresses the identified risk
D.
evaluate whether current staff is able to support the new system
㱤楶污獳㴢煵敳瑩潮䍯湴敮琢㸼瀾䅮牧慮楺慴楯渠桡猠潵瑳潵牣敤瑳慴愠汥慫慧攠浯湩瑯物湧⁴漠慮⁉湴敲湥琠獥牶楣攠灲潶楤敲
䥓倩⸠坨楣栠潦⁴桥潬汯睩湧猠瑨攠䉅協⁷慹潲渠䥓畤楴潲⁴漠摥瑥牭楮攠瑨攠敦晥捴楶敮敳猠潦⁴桩猠獥牶楣政㰯瀾㰯摩瘾
Options:
A.
Review the data leakage clause in the SLA.
B.
verify the ISP has staff to deal with data leakage.
C.
Simulate a data leakage incident.
D.
Review the ISP's external audit report
<摩瘠捬慳猽≱略獴楯湃潮瑥湴∾㱰㹍体吠敦晥捴楶攠睡礠瑯整敲浩湥映䥔猠浥整楮朠扵獩湥獳敱畩牥浥湴猠楳⁴漠敳瑡扬楳栺㰯瀾㰯摩瘾
Options:
C.
key performance indicators (KPls).
<摩瘠捬慳猽≱略獴楯湃潮瑥湴∾㱰㹗桩捨映瑨攠景汬潷楮朠睯畬搠扥映䵏協潮捥牮畲楮朠慮畤楴映慮湤獥爠捯浰畴楮朠獹獴敭潮瑡楮楮朠獥湳楴楶攠楮景牭慴楯渿㰯瀾㰯摩瘾
Options:
A.
Audit logging is not available
B.
Secure authorization is not available
C.
System data is not protected.
D.
The system is not included in inventory.
㱤楶污獳㴢煵敳瑩潮䍯湴敮琢㸼瀾䄠獥捵物瑹敧畬慴楯渠牥煵楲敳⁴桥楳慢汩湧映摩牥捴摭楮楳瑲慴潲捣敳献⁓畣栠慣捥獳畳琠潣捵爠瑨牯畧栠慮湴敲浥摩慴攠獥牶敲⁴桡琠桯汤猠慤浩湩獴牡瑯爠灡獳睯牤猠景爠慬氠獹獴敭猠搠牥捯牤猠慬氠慣瑩潮献⁁渠䥓畤楴潲⁐剉䵁剙潮捥牮⁷楴栠瑨楳潬畴楯渠睯畬搠扥⁴桡琺㰯瀾㰯摩瘾
Options:
A.
it represents a single point of failure
B.
segregation of duties is not observed.
C.
it is not feasible to implement
D.
access logs may not be maintained
㱤楶污獳㴢煵敳瑩潮䍯湴敮琢㸼瀾坨楣栠潦⁴桥潬汯睩湧桯畬搠扥映䵏協潮捥牮⁴漠慮⁉匠慵摩瑯爠牥癩敷楮朠慮牧慮楺慴楯滃ꋢ芬ꉳ楳慳瑥爠牥捯癥特⁰污渠⡄剐⤿㰯瀾㰯摩瘾
Options:
A.
Copies of the DRP are not kept in a secure offsite location.
B.
The CIO has not signed off on the DRP
C.
The disaster recovery steps are not detailed.
D.
The responsibility for declaring a disaster is not identified
<摩瘠捬慳猽≱略獴楯湃潮瑥湴∾㱰㹌潳猭獩瑥捲楰瑩湧
塓匩瑴慣歳牥⁂䕓吠灲敶敮瑥搠瑨牯畧栺㰯瀾㰯摩瘾
Options:
A.
a three-tier web architecture.
B.
Secure coding practices
C.
application firewall policy settings
D.
use of common industry frameworks.
<摩瘠捬慳猽≱略獴楯湃潮瑥湴∾㱰㹗桩捨映瑨攠景汬潷楮朠愠牥捥湴湴敲湡氠摡瑡牥慣栬渠䥓畤楴潲⁷慳獫敤⁴漠敶慬畡瑥湦潲浡瑩潮散畲楴礠灲慣瑩捥猠睩瑨楮⁴桥牧慮楺慴楯渮⁗桩捨映瑨攠景汬潷楮朠晩湤楮杳⁷潵汤攠䵏協浰潲瑡湴⁴漠牥灯牴⁴漠獥湩潲慮慧敭敮琿㰯瀾㰯摩瘾
Options:
A.
Desktop passwords do not require special characters
B.
Employees are not required to sign a non-compete agreement.
C.
Users lack technical knowledge related to security and data protection
D.
Security education and awareness workshops have not been completed
㱤楶污獳㴢煵敳瑩潮䍯湴敮琢㸼瀾䅮⁉匠慵摩瑯爠獨潵汤湳畲攠瑨慴渠慰灬楣慴楯渧猠慵摩琠瑲慩氺㰯瀾㰯摩瘾
Options:
A.
has adequate security.
C.
does not impact operational efficiency
D.
logs all database records.
<摩瘠捬慳猽≱略獴楯湃潮瑥湴∾㱰㸮⸠䥭灬敭敮瑩湧⁷桩捨映瑨攠景汬潷楮朠睯畬搠䉅協摤牥獳獳略猠牥污瑩湧⁴漠瑨攠慧楮朠潦⁉吠獹獴敭猿㰯瀾㰯摩瘾
Options:
B.
Configuration management
C.
Application portfolio management
㱤楶污獳㴢煵敳瑩潮䍯湴敮琢㸼瀾䅮牧慮楺慴楯渠畳敳汥捴牯湩挠晵湤猠瑲慮獦敲
䕆吩⁴漠灡礠楴猠癥湤潲献⁗桩捨映瑨攠景汬潷楮朠獨潵汤攠慮⁉匠慵摩瑯爠猠䵁䥎潣畳⁷桩汥敶楥睩湧潮瑲潬猠楮⁴桥捣潵湴猠灡祡扬攠䅰灬楣慴楯渿㰯瀾㰯摩瘾
Options:
A.
Amount of disbursements
B.
Volume of transactions
C.
Changes to the vendor master file
D.
Frequency of transactions
<摩瘠捬慳猽≱略獴楯湃潮瑥湴∾㱰㹗桩捨映瑨攠景汬潷楮朠潢獥牶慴楯湳潴敤畲楮朠愠牥癩敷映瑨攠潲条湩穡瑩潮潣楡氠浥摩愠灲慣瑩捥猠獨潵汤攠潦⁍体吠捯湣敲渠瑯⁴桥⁉匠慵摩瑯爿㰯瀾㰯摩瘾
Options:
A.
The organization does not require approval for social media posts.
B.
Not all employees using social media have attended the security awareness program.
C.
The organization does not have a documented social media policy.
D.
More than one employee is authorized to publish on social media on behalf of the organization
<摩瘠捬慳猽≱略獴楯湃潮瑥湴∾㱰㹁渠潲条湩穡瑩潮慳獴慢汩獨敤⁴桲敥⁉匠灲潣敳獩湧湶楲潮浥湴猺敶敬潰浥湴Ⱐ瑥獴Ⱐ慮搠灲潤畣瑩潮⸠周攠䵁䩏删牥慳潮潲数慲慴楮朠瑨攠摥癥汯灭敮琠慮搠瑥獴湶楲潮浥湴猠楳㰯瀾㰯摩瘾
Options:
A.
perform testing in a stable environment
B.
obtain segregation of duties between IS staff and end users.
C.
limit the users access rights to the test environment
D.
protect the programs under development from unauthorized testing
<摩瘠捬慳猽≱略獴楯湃潮瑥湴∾㱰㹁渠䥓畤楴潲猠楮癯汶敤渠瑨攠畳敲⁴敳瑩湧⁰桡獥映愠摥癥汯灭敮琠灲潪散琮⁔桥敶敬潰敲猠睩獨⁴漠畳攠愠捯灹映愠灥慫⁶潬畭攠瑲慮獡捴楯渠晩汥牯洠瑨攠灲潤畣瑩潮⁰牯捥獳⁴漠獨潵汤⁴桡琠瑨攠摥癥汯灭敮琠捡渠捯灥⁷楴栠瑨攠牥煵楲敤⁶潬畭攠坨慴猠瑨攠慵摩瑯爠猠偒䥍䅒夠捯湣敲渿㰯瀾㰯摩瘾
Options:
A.
Users may not wish for production data to be made available for testing.
B.
All functionality of the new process may not be tested.
C.
Sensitive production data may be read by unauthorized persons.
D.
The error-handling and credibility checks may not be fully proven
㱤楶污獳㴢煵敳瑩潮䍯湴敮琢㸼瀾坨楣栠潦⁴桥潬汯睩湧猠䉅協摤牥獳敤⁷桥渠畳楮朠愠瑩浥獴慭瀠睩瑨楮楧楴慬楧湡瑵牥⁴漠摥汩癥爠獥湳楴楶攠晩湡湣楡氠楮景牭慴楯渿㰯瀾㰯摩瘾
㱤楶污獳㴢煵敳瑩潮䍯湴敮琢㸼瀾坨楣栠潦⁴桥潬汯睩湧猠愠牥慳潮潲浰汥浥湴楮朠愠摥捥湴牡汩穥搠䥔潶敲湡湣攠浯摥氿㰯瀾㰯摩瘾
Options:
A.
Standardized controls and economies of scale
B.
Greater consistency among business units
C.
Greater responsiveness to business needs
D.
IT synergy among business units
<摩瘠捬慳猽≱略獴楯湃潮瑥湴∾㱰㹗桩捨映瑨攠景汬潷楮朠獨潵汤⁴桥⁉匠慵摩瑯爠摯⁆䥒協⁴漠敮獵牥慴愠瑲慮獦敲湴敧物瑹潲⁉湴敲湥琠潦⁔桩湧猠⡬潔⤠摥癩捥猿㰯瀾㰯摩瘾
Options:
A.
Verify access control lists to the database where collected data is stored.
B.
Determine how devices are connected to the local network.
C.
Confirm that acceptable limits of data bandwidth are defined for each device.
D.
Ensure that message queue telemetry transport (MQTT) is used.
<摩瘠捬慳猽≱略獴楯湃潮瑥湴∾㱰㹗桩捨映瑨攠景汬潷楮朠摡瑡⁷潵汤攠畳敤⁷桥渠灥牦潲浩湧畳楮敳猠業灡捴湡汹獩猠⡂䥁⤿㰯瀾㰯摩瘾
Options:
A.
Cost benefit analysis of running the current business
B.
Projected impact of current business on future business
C.
Expected costs for recovering the business
D.
Cost of regulatory compliance
<摩瘠捬慳猽≱略獴楯湃潮瑥湴∾㱰㹒敱畩物湧⁴桡琠灡獳睯牤猠捯湴慩渠愠捯浢楮慴楯渠潦畭敲楣湤汰桡扥瑩挠捨慲慣瑥牳猠䵏協晦散瑩癥条楮獴⁷桩捨⁴祰攠潦瑴慣欿㰯瀾㰯摩瘾
<摩瘠捬慳猽≱略獴楯湃潮瑥湴∾㱰㹗桩捨映瑨攠景汬潷楮朠獨潵汤攠慮⁉匠慵摩瑯爧猠䙉剓吠慣瑩癩瑹⁷桥渠灬慮湩湧渠慵摩琿㰯瀾㰯摩瘾
Options:
A.
Identify proper resources for audit activities.
B.
Gain an understanding of the area to be audited.
C.
Create a list of key controls to be reviewed.
D.
Document specific questions in the audit program
㱤楶污獳㴢煵敳瑩潮䍯湴敮琢㸼瀾坨楬攠數散畴楮朠景汬潷瀠慣瑩癩瑩敳Ⱐ慮⁉匠慵摩瑯爠楳潮捥牮敤⁴桡琠浡湡来浥湴慳浰汥浥湴敤潲牥捴楶攠慣瑩潮猠瑨慴牥楦晥牥湴牯洠瑨潳攠潲楧楮慬汹楳捵獳敤湤杲敥搠瑨攠慵摩琠晵湣瑩潮⸠䥮牤敲⁴漠牥獯汶攠瑨攠獩瑵慴楯測⁴桥⁉匠慵摩瑯爯Ⱐ䉅協潵牳攠潦捴楯渠睯畬搠扥⁴漺㰯瀾㰯摩瘾
Options:
A.
postpone follow-up activities and escalate the alternative controls to senior audit management
B.
schedule another audit due to the implementation of alternative controls.
C.
reject the alternative controls and re-prioritize the original issue as high risk.
D.
determine whether the alternative controls sufficiently mitigate the risk and record the results
㱤楶污獳㴢煵敳瑩潮䍯湴敮琢㸼瀾䑵物湧⁴桥浰汥浥湴慴楯渠潦渠異杲慤敤湴敲灲楳攠牥獯畲捥⁰污湮楮朠⡅剐⤠獹獴敭Ⱐ睨楣栠潦⁴桥潬汯睩湧猠瑨攠䵏協浰潲瑡湴潮獩摥牡瑩潮潥漭汩癥散楳楯渿㰯瀾㰯摩瘾
Options:
A.
Post-implementation review objectives
<摩瘠捬慳猽≱略獴楯湃潮瑥湴∾㱰㹄畲楮朠瑨攠灲潣畲敭敮琠灲潣敳猠睨楣栠潦⁴桥潬汯睩湧⁷潵汤攠瑨攠䉅協湤楣慴楯渠瑨慴⁰牯獰散瑩癥⁶敮摯牳⁷楬氠浥整⁴桥牧慮楺慴楯渧猠湥敤猿㰯瀾㰯摩瘾
Options:
A.
service catalog is documented.
B.
An account transition manager has been identified.
C.
Expected service levels are defined
D.
The vendor's subcontractors have been identified
㱤楶污獳㴢煵敳瑩潮䍯湴敮琢㸼瀾䅮⁉匠慵摩瑯爠楳癡汵慴楮朠瑨攠汯朠浡湡来浥湴祳瑥洠景爠慮牧慮楺慴楯渠睩瑨敶楣敳湤祳瑥浳渠浵汴楰汥敯杲慰桩挠汯捡瑩潮献⁗桩捨映瑨攠景汬潷楮朠楳⁍体吠業灯牴慮琠景爠攠慵摩瑯爠瑯⁶敲楦礿㰯瀾㰯摩瘾
Options:
A.
Log files w concurrently updated
B.
Log files are encrypted and digitally signed.
C.
Log files are reviewed in multiple locations.
D.
Log files of the servers are synchronized.
㱤楶污獳㴢煵敳瑩潮䍯湴敮琢㸼瀾䑵物湧敶楥眠潦渠楮獵牡湣攠捯浰慮礠猠捬慩浳祳瑥洬⁴桥⁉匠慵摩瑯爠汥慲湳⁴桡琠捬慩浳潲灥捩晩挠浥摩捡氠灲潣敤畲敳牥捣数瑡扬攠潮汹牯洠晥浡汥猠周楳猠慮硡浰汥映愺㰯瀾㰯摩瘾
Options:
A.
logical relationship check
<摩瘠捬慳猽≱略獴楯湃潮瑥湴∾㱰㹁渠潲条湩穡瑩潮慳杲敥搠瑯⁰敲景牭敭敤楡瑩潮敬慴敤⁴漠桩杨楳欠慵摩琠晩湤楮杳⸠周攠牥浥摩慴楯渠灲潣敳猠楮癯汶敳潭灬數敯牧慮楺慴楯渠潦⁵獥爠牯汥猠慳⁷敬氠慳⁴桥⁉浰汥浥湴慴楯渠潦敶敲慬潭灥湳慴楮朠捯湴牯汳⁴桡琠浡礠湯琠扥潭灬整敤⁷楴桩渠瑨攠湥硴畤楴祣汥⁗桩捨映瑨攠景汬潷楮朠楳⁴桥⁂䕓吠睡礠景爠慮⁉匠慵摩瑯爠瑯潬汯眠異渠瑨敩爠慣瑩癩瑩敳㼼⽰㸼瀾㰯瀾㰯摩瘾
Options:
A.
Provide management with a remediation timeline and verity adherence
B.
Schedule a review of the controls after the projected remediation date
C.
Review the progress of remediation on a regular basis
D.
Continue to audit the failed controls according to the audit schedule
<摩瘠捬慳猽≱略獴楯湃潮瑥湴∾㱰㹗桩捨映瑨攠景汬潷楮朠獨潵汤攠潦⁇剅䅔䕓吠捯湣敲渠瑯渠䥓畤楴潲敶楥睩湧⁴桥潮瑲潬猠景爠愠捯湴楮畯畳潦瑷慲攠牥汥慳攠灲潣敳猿㰯瀾㰯摩瘾
Options:
A.
Release documentation is not updated to reflect successful deployment
B.
Testing documentation is not attached to production releases.
C.
Developers are able to approve their own releases
D.
Test libraries have not been reviewed in over six months
<摩瘠捬慳猽≱略獴楯湃潮瑥湴∾㱰㹭慴畲楴礠浯摥氠楳⁵獥晵氠楮⁴桥獳敳獭敮琠潦⁉吠獥牶楣攠浡湡来浥湴散慵獥琺㰯瀾㰯摩瘾
Options:
A.
defines the level of control required to meet business needs
B.
provides a benchmark for process improvement
C.
specifies the mechanism needed to achieve defined service levels
D.
indicates the service levels requited for the business area.
㱤楶污獳㴢煵敳瑩潮䍯湴敮琢㸼瀾䉯瑨瑡瑩獴楣慬湤潮獴慴楳瑩捡氠獡浰汩湧⁴散桮楱略猺㰯瀾㰯摩瘾
Options:
A.
permit the auditor to quantify and fix the level of risk
B.
permit the auditor to quantity the probability of error,
C.
provide each item an equal opportunity of being selected,
D.
require judgment when defining population characteristics
<摩瘠捬慳猽≱略獴楯湃潮瑥湴∾㱰㹁渠䥓畤楴潲潴敳⁴桡琠瑨攠慮瑩捩灡瑥搠扥湥晩瑳牯洠慮湧潩湧湦牡獴牵捴畲攠灲潪散瑳慶攠捨慮来搠摵攠瑯散敮琠潲条湩穡瑩潮慬敳瑲畣瑵物湧⸠坨楣栠潦⁴桥潬汯睩湧猠瑨攠䥓畤楴潲쎢곢蒢猠䉅協散潭浥湤慴楯渿㰯瀾㰯摩瘾
Options:
A.
Review and reapprove the business case
B.
Review business goals and objectives
C.
Conduct a new feasibility study
D.
Review and update the business impact analysis (BIA)
<摩瘠捬慳猽≱略獴楯湃潮瑥湴∾㱰㹔漠捲敡瑥楧楴慬楧湡瑵牥渠愠浥獳慧攠畳楮朠慳祭浥瑲楣湣特灴楯測琠楳散敳獡特⁴漺㰯瀾㰯摩瘾
Options:
A.
First use a symmetric algorithm for the authentication sequence.
B.
encrypt the authentication sequence using a public key.
C.
transmit the actual digital signature in unencrypted clear text.
D.
encrypt the authentication sequence using a private key.
<摩瘠捬慳猽≱略獴楯湃潮瑥湴∾㱰㹗桩捨映瑨攠景汬潷楮朠睯畬搠扥⁴桥⁇剅䅔䕓吠捯湣敲渠睨敮渠潲条湩穡瑩潮쎢곢蒢猠摩獡獴敲散潶敲礠獴牡瑥杹⁵瑩汩穥猠愠捯汤楴政㰯瀾㰯摩瘾
Options:
A.
The lack of hardware components availability
B.
The lack of electrical power connections
C.
The lack of appropriate environmental controls
D.
The lack of networking infrastructure
<摩瘠捬慳猽≱略獴楯湃潮瑥湴∾㱰㹁渠潲条湩穡瑩潮潮獩摥牳浰汥浥湴楮朠愠獹獴敭⁴桡琠畳敳⁴散桮潬潧礠瑨慴猠湯琠楮楮攠睩瑨⁴桥牧慮楺慴楯滃ꋢ芬ꉳ⁉吠獴牡瑥杹⸠坨楣栠潦⁴桥潬汯睩湧猠瑨攠䉅協畳瑩晩捡瑩潮潲敶楡瑩湧牯洠瑨攠䥔瑲慴敧礿㰯瀾㰯摩瘾
Options:
A.
The system makes use of state-of-the-art technology
B.
The organization has staff familiar with the technology
C.
The system has a reduced cost of ownership
D.
The business benefits are achieved even with extra costs
㱤楶污獳㴢煵敳瑩潮䍯湴敮琢㸼瀾坨楣栠潦⁴桥潬汯睩湧猠瑨攠䵏協晦散瑩癥⁷慹⁴漠楤敮瑩晹湯浡汯畳⁴牡湳慣瑩潮猠睨敮⁰敲景牭楮朠愠灡祲潬氠晲慵搠慵摩琿㰯瀾㰯摩瘾
Options:
A.
Substantive testing of payroll files
B.
Data analytics on payroll data
C.
Observation of payment processing
D.
Sample-based review of pay stubs
㱤楶污獳㴢煵敳瑩潮䍯湴敮琢㸼瀾䅮⁉匠慵摩瑯爠楳潮摵捴楮朠愠灲攭業灬敭敮瑡瑩潮敶楥眠瑯整敲浩湥敷祳瑥洧猠灲潤畣瑩潮敡摩湥獳⸠周攠慵摩瑯爧猠偒䥍䅒夠捯湣敲渠獨潵汤攠睨整桥爺㰯瀾㰯摩瘾
Options:
A.
benefits realization has been evidenced
B.
there are unresolved high-risk items
C.
the project adhered to the budget and target date.
D.
users were involved in the quality assurance (QA) testing.
㱤楶污獳㴢煵敳瑩潮䍯湴敮琢㸼瀾䅮牧慮楺慴楯渠慬汯睳瑳浰汯祥敳⁴漠畳攠灥牳潮慬潢楬攠摥癩捥猠景爠睯牫⸠坨楣栠潦⁴桥潬汯睩湧⁷潵汤⁂䕓吠浡楮瑡楮湦潲浡瑩潮散畲楴礠睩瑨潵琠捯浰牯浩獩湧浰汯祥攠灲楶慣礿㰯瀾㰯摩瘾
Options:
A.
Installing security software on the devices
B.
Restricting the use of devices for personal purposes during working hours
C.
Partitioning the work environment from personal space on devices
D.
Preventing users from adding applications
<摩瘠捬慳猽≱略獴楯湃潮瑥湴∾㱰㹗桩捨映瑨攠景汬潷楮朠쎂슻⁴桥⁍体吠業灯牴慮琠灲敲敱畩獩瑥潲⁉浰汥浥湴楮朠愠摡瑡潳猠灲敶敮瑩潮
䑌倩⁴潯氿㰯瀾㰯摩瘾
Options:
A.
Developing a DLP policy and requiring signed acknowledgement by users.
B.
Requiring users to save files in secured folders instead of company-wide shared drive
C.
Identifying where existing data resides and establishing a data classification matrix.
D.
Reviewing data transfer logs to determine historical patterns of data flow
<摩瘠捬慳猽≱略獴楯湃潮瑥湴∾㱰㹁渠潲条湩穡瑩潮慳⁰敲景牭慮捥整物捳⁴漠瑲慣欠桯眠睥汬⁉吠牥獯畲捥猠慲攠扥楮朠畳敤Ⱐ扵琠瑨敲攠桡猠扥敮楴瑬攠灲潧牥獳渠浥整楮朠瑨攠潲条湩穡瑩潮❳潡汳⸠坨楣栠潦⁴桥潬汯睩湧⁷潵汤攠䵏協敬灦畬⁴漠摥瑥牭楮攠瑨攠畮摥牬祩湧敡獯渿㰯瀾㰯摩瘾
Options:
A.
Conducting a root cause analysis
B.
Re-evaluating organizational goals
C.
Re-evaluating key performance indicators (KPls)
D.
Conducting a business impact analysis (BIA)
<摩瘠捬慳猽≱略獴楯湃潮瑥湴∾㱰㹁渠䥓畤楴潲猠慳獩杮敤⁴漠牥癩敷⁴桥敶敬潰浥湴映愠獰散楦楣灰汩捡瑩潮⸠坨楣栠潦⁴桥潬汯睩湧⁷潵汤攠瑨攠䵏協楧湩晩捡湴瑥瀠景汬潷楮朠瑨攠晥慳楢楬楴礠獴畤礿㰯瀾㰯摩瘾
Options:
A.
Attend project progress meetings to monitor timely implementation of the application.
B.
Assist users in the design of proper acceptance-testing procedures.
C.
Follow up with project sponsor for project's budgets and actual costs.
D.
Review functional design to determine that appropriate controls are planned.
<摩瘠捬慳猽≱略獴楯湃潮瑥湴∾㱰㹉匠慵摩琠楳獫敤‱〠數灬慩渠桯眠汯捡氠慲敡整睯牫
䱁丩敲癥牳慮潮瑲楢畴攠瑯慰楤楳獥浩湡瑩潮映癩牵獥献⁔桥⁉匠慵摩瑯爧猠䉅協敳灯湳攠楳⁴桡琺㰯瀾㰯摩瘾
Options:
A.
the server's software is the prime target and is the first to be infected
B.
the server's operating system exchanges data with each station starting at every log-on.
C.
the server's file sharing function facilitates the distribution of files and applications.
D.
users of a given server have similar usage of applications and files.
㱤楶污獳㴢煵敳瑩潮䍯湴敮琢㸼瀾周攠摥浩汩瑡物穥搠穯湥
䑍娩猠瑨攠灡牴映愠湥瑷潲欠睨敲攠獥牶敲猠瑨慴牥⁰污捥搠慲攺㰯瀾㰯摩瘾
Options:
A.
Running-mission critical, non-web application
B.
Interacting with the public internet
C.
Running internal department applications
D.
External to the organization
<摩瘠捬慳猽≱略獴楯湃潮瑥湴∾㱰㹗桩捨映瑨攠景汬潷楮朠獨潵汤攠潦⁇剅䅔䕓吠捯湣敲渠瑯渠䥓畤楴潲⁷桥渠慵摩瑩湧渠潲条湩穡瑩潮쎢곢蒢猠楮景牭慴楯渠獥捵物瑹睡牥湥獳㰯瀾㰯摩瘾
Options:
A.
Training quizzes are designed and run by a third party company under a contract with the organization
B.
The number of security incidents logged by employees to the help desk has increased in the past year
C.
Security awareness training is run via the organization’s enterprise wide e-learning portal
D.
Security awareness training is not included as part of the on boarding process for new hires
㱤楶污獳㴢煵敳瑩潮䍯湴敮琢㸼瀾䑵物湧敶楥眠潦渠潲条湩穡瑩潮쎢곢蒢猠湥瑷潲欠瑨牥慴敳灯湳攠灲潣敳献⁔桥⁉匠慵摩瑯爠湯瑩捥搠瑨慴⁴桥慪潲楴礠潦汥牴猠睥牥汯獥搠睩瑨潵琠牥獯汵瑩潮⸠䵡湡来浥湴敳灯湤敤⁴桡琠瑨潳攠慬敲瑳⁷敲攠畮睯牫慢汥略⁴漠污捫映慣瑩潮慢汥湴敬汩来湣攬湤⁴桥牥景牥⁴桥異灯牴⁴敡洠楳汬潷敤⁴漠捬潳攠瑨敭⸠坨慴猠瑨攠扥獴⁷慹潲⁴桥畤楴潲⁴漠慤摲敳猠瑨攠獩瑵慴楯渿㰯瀾㰯摩瘾
Options:
A.
Further review closed unactioned alerts to identify mishandling of threats
B.
Omit the finding from the report as this practice is in compliance with the current policy
C.
Recommend that management enhance the policy and improve threat awareness training
D.
Reopen unactioned alerts and report to the audit committee
<摩瘠捬慳猽≱略獴楯湃潮瑥湴∾㱰㹗桩捨映瑨攠景汬潷楮朠䉅協湳畲敳⁴桡琠潮汹畴桯物穥搠獯晴睡牥猠浯癥搠楮瑯⁰牯摵捴楯渠敮癩牯湭敮琿㰯瀾㰯摩瘾
Options:
A.
Restricting read/write access to production code to computer programmers only
B.
Assigning programming managers to transfer tested programs to production
C.
A librarian compiling source code into production after independent testing
D.
Requiring programming staff to move tested code into production
<摩瘠捬慳猽≱略獴楯湃潮瑥湴∾㱰㹗桩捨映瑨攠景汬潷楮朠楳⁴桥⁐剉䵁剙敡獯渠景爠慮⁉匠慵摩瑯爠瑯⁵獥潭灵瑥爭慳獩獴敤畤楴⁴散桮楱略猠⡃䅁味⤿㰯瀾㰯摩瘾
Options:
A.
To efficiently test an entire population
B.
To perform direct testing of production data
C.
To conduct automated sampling for testing
D.
To enable quicker access to information
<摩瘠捬慳猽≱略獴楯湃潮瑥湴∾㱰㹗桩捨映瑨攠景汬潷楮朠楳⁴桥⁍体吠捲楴楣慬桡牡捴敲楳瑩挠潦楯浥瑲楣祳瑥洿㰯瀾㰯摩瘾
<摩瘠捬慳猽≱略獴楯湃潮瑥湴∾㱰㹗桩捨映瑨攠景汬潷楮朠晡捴潲猠睩汬⁂䕓吠灲潭潴攠敦晥捴楶攠楮景牭慴楯渠獥捵物瑹慮慧敭敮琿㰯瀾㰯摩瘾
Options:
A.
Senior management commitment
B.
Identification and risk assessment of sensitive resources
C.
Security awareness training
D.
Security policy framework
㱤楶污獳㴢煵敳瑩潮䍯湴敮琢㸼瀾坨慴猠瑨攠灵牰潳攠潦祰敲癩獯爿㰯瀾㰯摩瘾
Options:
A.
Monitoring the performance of virtual machines
B.
Cloning virtual machines
C.
Deploying settings to multiple machines simultaneously
D.
Running the virtual machine environment
<摩瘠捬慳猽≱略獴楯湃潮瑥湴∾㱰㹗桩捨映瑨攠景汬潷楮朠浥瑨潤猠獨潵汤攠畳敤⁴漠灵牧攠捯湦楤敮瑩慬慴愠晲潭⁷物瑥ⵯ湣攠潰瑩捡氠浥摩愿㰯瀾㰯摩瘾
Options:
C.
Remove the references to data from the access index.
D.
Write over the data with null values.
<摩瘠捬慳猽≱略獴楯湃潮瑥湴∾㱰㹗桩捨映瑨攠景汬潷楮朠獨潵汤攠牥癩敷敤猠灡牴映愠摡瑡湴敧物瑹⁴敳琿㰯瀾㰯摩瘾
㱤楶污獳㴢煵敳瑩潮䍯湴敮琢㸼瀾䄠畳敲映愠瑥汥灨潮攠扡湫楮朠獹獴敭慳潲杯瑴敮楳⁰敲獯湡氠楤敮瑩晩捡瑩潮畭扥爠⡐䥎⤬晴敲⁴桥⁵獥爠桡猠扥敮畴桥湴楣慴敤Ⱐ瑨攠䉅協整桯搠潦獳畩湧敷⁰楮猠瑯慶攺㰯瀾㰯摩瘾
Options:
A.
A randomly generated pin communicated by banking personnel
B.
Banking personnel assign the user a new PIN via email
C.
The user enter a new PIN twice
D.
Banking personnel verbally assign a new PIN
<摩瘠捬慳猽≱略獴楯湃潮瑥湴∾㱰㹗桡琠楳渠䥓畤楴潲쎢곢蒢猠䉅協散潭浥湤慴楯渠景爠浡湡来浥湴映愠湥瑷潲欠癵汮敲慢楬楴礠慳獥獳浥湴潮晩牭猠瑨慴物瑩捡氠灡瑣桥猠桡癥潴敥渠慰灬楥搠獩湣攠瑨攠污獴獳敳獭敮琿㰯瀾㰯摩瘾
Options:
A.
Implement a process to test and apply appropriate patches
B.
Apply available patches and continue periodic monitoring
C.
Configure servers to automatically apply available patches
D.
Remove unpatched devices from the network
<摩瘠捬慳猽≱略獴楯湃潮瑥湴∾㱰㹗桩捨映瑨攠景汬潷楮朠獨潵汤⁍体吠捯湣敲渠慮⁉匠慵摩瑯爠牥癩敷楮朠慮湴牵獩潮整散瑩潮祳瑥洠⡉䑓⤿㰯瀾㰯摩瘾
Options:
A.
Number of false negatives
B.
Legitimate traffic blocked by the system
C.
Number of false positives
D.
Reliability of IDS logs
<摩瘠捬慳猽≱略獴楯湃潮瑥湴∾㱰㹁散畲楴礠慤浩湩獴牡瑯爠獨潵汤慶攠牥慤ⵯ湬礠慣捥獳潲⁷桩捨映瑨攠景汬潷楮朿㰯瀾㰯摩瘾
Options:
D.
Services/daemons configuration
㱤楶污獳㴢煵敳瑩潮䍯湴敮琢㸼瀾坨楣栠潦⁴桥潬汯睩湧猠瑨攠䝒䕁呅協潮捥牮⁷楴栠捯湤畣瑩湧⁰敮整牡瑩潮⁴敳瑩湧渠慮湴敲湡汬礠摥癥汯灥搠慰灬楣慴楯渠楮⁴桥⁰牯摵捴楯渠敮癩牯湭敮琿㰯瀾㰯摩瘾
Options:
A.
The testing could create application availability issues.
B.
The testing may identify only known operating system vulnerabilities.
C.
The issues identified during the testing may require significant remediation efforts.
D.
Internal security staff may not be qualified to conduct application penetration testing.
